1 /*
2 * Copyright (C) 2000 Alfredo Andres Omella. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the
13 * distribution.
14 * 3. The names of the authors may not be used to endorse or promote
15 * products derived from this software without specific prior
16 * written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
20 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22 /*
23 * Radius printer routines as specified on:
24 *
25 * RFC 2865:
26 * "Remote Authentication Dial In User Service (RADIUS)"
27 *
28 * RFC 2866:
29 * "RADIUS Accounting"
30 *
31 * RFC 2867:
32 * "RADIUS Accounting Modifications for Tunnel Protocol Support"
33 *
34 * RFC 2868:
35 * "RADIUS Attributes for Tunnel Protocol Support"
36 *
37 * RFC 2869:
38 * "RADIUS Extensions"
39 *
40 * Alfredo Andres Omella (aandres@s21sec.com) v0.1 2000/09/15
41 *
42 * TODO: Among other things to print ok MacIntosh and Vendor values
43 */
44
45 #ifndef lint
46 static const char rcsid[] _U_ =
47 "$Id: print-radius.c,v 1.23 2003-12-15 13:52:15 hannes Exp $";
48 #endif
49
50 #ifdef HAVE_CONFIG_H
51 #include "config.h"
52 #endif
53
54 #include <tcpdump-stdinc.h>
55
56 #include <string.h>
57
58 #include <stdio.h>
59
60 #include "interface.h"
61 #include "addrtoname.h"
62 #include "extract.h"
63 #include "oui.h"
64
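/* Number of elements in a true array (not a pointer or array parameter). */
#define TAM_SIZE(x) (sizeof(x)/sizeof((x)[0]))

/*
 * Print 'bytes_len' bytes starting at 'ptr_data' as upper-case hex.
 *
 * Both arguments must be modifiable lvalues: on exit 'bytes_len' is 0 and
 * 'ptr_data' points one past the last byte printed.  The macro does no
 * bounds checking of its own, so callers must validate the range first
 * (the printers below do so with TCHECK2).
 *
 * Wrapped in do { } while (0) so it behaves as a single statement inside
 * an unbraced if/else.
 */
#define PRINT_HEX(bytes_len, ptr_data)         \
    do {                                       \
        while (bytes_len)                      \
        {                                      \
            printf("%02X", *(ptr_data));       \
            (ptr_data)++;                      \
            (bytes_len)--;                     \
        }                                      \
    } while (0)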
74
75
/* Radius packet codes (the 'code' octet of struct radius_hdr) */
#define RADCMD_ACCESS_REQ   1 /* Access-Request      */
#define RADCMD_ACCESS_ACC   2 /* Access-Accept       */
#define RADCMD_ACCESS_REJ   3 /* Access-Reject       */
#define RADCMD_ACCOUN_REQ   4 /* Accounting-Request  */
#define RADCMD_ACCOUN_RES   5 /* Accounting-Response */
#define RADCMD_ACCESS_CHA  11 /* Access-Challenge    */
#define RADCMD_STATUS_SER  12 /* Status-Server       */
#define RADCMD_STATUS_CLI  13 /* Status-Client       */
#define RADCMD_RESERVED   255 /* Reserved            */

/*
 * Code -> display name, looked up with tok2str() in radius_print().
 * Codes missing from this table are printed as "Unknown Command" there.
 */
static struct tok radius_command_values[] = {
    { RADCMD_ACCESS_REQ, "Access Request" },
    { RADCMD_ACCESS_ACC, "Access Accept" },
    { RADCMD_ACCESS_REJ, "Access Reject" },
    { RADCMD_ACCOUN_REQ, "Accounting Request" },
    { RADCMD_ACCOUN_RES, "Accounting Response" },
    { RADCMD_ACCESS_CHA, "Access Challenge" },
    { RADCMD_STATUS_SER, "Status Server" },
    { RADCMD_STATUS_CLI, "Status Client" },
    { RADCMD_RESERVED, "Reserved" },
    { 0, NULL}  /* terminator */
};
99
/********************************/
/* Begin Radius Attribute types */
/********************************/
/*
 * Only the attribute types that need special-case handling in the
 * printers are named here.  Each value is the on-the-wire type octet
 * and is also used as an index into attr_type[].
 */
#define SERV_TYPE             6
#define FRM_IPADDR            8
#define LOG_IPHOST           14
#define LOG_SERVICE          15
#define FRM_IPX              23
#define SESSION_TIMEOUT      27
#define IDLE_TIMEOUT         28
#define FRM_ATALK_LINK       37
#define FRM_ATALK_NETWORK    38

#define ACCT_DELAY           41
#define ACCT_SESSION_TIME    46

#define TUNNEL_TYPE          64
#define TUNNEL_MEDIUM        65
#define TUNNEL_CLIENT_END    66
#define TUNNEL_SERVER_END    67
#define TUNNEL_PASS          69

#define ARAP_PASS            70
#define ARAP_FEATURES        71

#define TUNNEL_PRIV_GROUP    81
#define TUNNEL_ASSIGN_ID     82
#define TUNNEL_PREFERENCE    83

#define ARAP_CHALLENGE_RESP  84
#define ACCT_INT_INTERVAL    85

#define TUNNEL_CLIENT_AUTH   90
#define TUNNEL_SERVER_AUTH   91
/********************************/
/* End Radius Attribute types   */
/********************************/
137
138
/*
 * Attribute value printers.  All share one signature so they can be stored
 * in attr_type[].print_func: (value pointer, value length, attribute type).
 */
static void print_attr_string(register u_char *, u_int, u_short );
static void print_attr_num(register u_char *, u_int, u_short );
static void print_vendor_attr(register u_char *, u_int, u_short );
static void print_attr_address(register u_char *, u_int, u_short);
static void print_attr_time(register u_char *, u_int, u_short);
static void print_attr_strange(register u_char *, u_int, u_short);
145
146
/*
 * Fixed RADIUS header as overlaid on the packet bytes in radius_print().
 * 'len' is read there with EXTRACT_16BITS, never dereferenced directly.
 */
struct radius_hdr { u_int8_t  code;     /* Radius packet code  */
                    u_int8_t  id;       /* Radius packet id    */
                    u_int16_t len;      /* Radius total length */
                    u_int8_t  auth[16]; /* Authenticator       */
                  };

/* Size of the fixed header above: 1 + 1 + 2 + 16 octets. */
#define MIN_RADIUS_LEN 20

/*
 * Two-octet header in front of every attribute value.  radius_attr_print()
 * passes 'len - 2' to the value printers, i.e. it treats 'len' as covering
 * these two octets as well as the value.
 */
struct radius_attr { u_int8_t type; /* Attribute type   */
                     u_int8_t len;  /* Attribute length */
                   };
158
159
/*
 * Standard-value name tables.  Each array is indexed directly by the
 * numeric value carried in the attribute (see print_attr_num()).  Tables
 * whose values start at 1 carry a NULL placeholder at index 0; the matching
 * attr_type[] row then sets first_subtype to 1 and uses TAM_SIZE()-1 as the
 * size, so the NULL slot is never handed to printf.
 */

/* Service-Type Attribute standard values */
static const char *serv_type[]={ NULL,
                                "Login",
                                "Framed",
                                "Callback Login",
                                "Callback Framed",
                                "Outbound",
                                "Administrative",
                                "NAS Prompt",
                                "Authenticate Only",
                                "Callback NAS Prompt",
                                "Call Check",
                                "Callback Administrative",
                               };

/* Framed-Protocol Attribute standard values */
static const char *frm_proto[]={ NULL,
                                "PPP",
                                "SLIP",
                                "ARAP",
                                "Gandalf proprietary",
                                "Xylogics IPX/SLIP",
                                "X.75 Synchronous",
                               };

/* Framed-Routing Attribute standard values */
static const char *frm_routing[]={ "None",
                                  "Send",
                                  "Listen",
                                  "Send&Listen",
                                 };

/* Framed-Compression Attribute standard values */
static const char *frm_comp[]={ "None",
                               "VJ TCP/IP",
                               "IPX",
                               "Stac-LZS",
                              };

/* Login-Service Attribute standard values */
static const char *login_serv[]={ "Telnet",
                                 "Rlogin",
                                 "TCP Clear",
                                 "PortMaster(proprietary)",
                                 "LAT",
                                 "X.25-PAD",
                                 "X.25-T3POS",
                                 "Unassigned",
                                 "TCP Clear Quiet",
                                };


/* Termination-Action Attribute standard values */
static const char *term_action[]={ "Default",
                                  "RADIUS-Request",
                                 };

/* NAS-Port-Type Attribute standard values */
static const char *nas_port_type[]={ "Async",
                                    "Sync",
                                    "ISDN Sync",
                                    "ISDN Async V.120",
                                    "ISDN Async V.110",
                                    "Virtual",
                                    "PIAFS",
                                    "HDLC Clear Channel",
                                    "X.25",
                                    "X.75",
                                    "G.3 Fax",
                                    "SDSL",
                                    "ADSL-CAP",
                                    "ADSL-DMT",
                                    "ISDN-DSL",
                                    "Ethernet",
                                    "xDSL",
                                    "Cable",
                                    "Wireless - Other",
                                    "Wireless - IEEE 802.11",
                                   };

/* Acct-Status-Type Accounting Attribute standard values */
static const char *acct_status[]={ NULL,
                                  "Start",
                                  "Stop",
                                  "Interim-Update",
                                  "Unassigned",
                                  "Unassigned",
                                  "Unassigned",
                                  "Accounting-On",
                                  "Accounting-Off",
                                  "Tunnel-Start",
                                  "Tunnel-Stop",
                                  "Tunnel-Reject",
                                  "Tunnel-Link-Start",
                                  "Tunnel-Link-Stop",
                                  "Tunnel-Link-Reject",
                                  "Failed",
                                 };

/* Acct-Authentic Accounting Attribute standard values */
static const char *acct_auth[]={ NULL,
                                "RADIUS",
                                "Local",
                                "Remote",
                               };

/* Acct-Terminate-Cause Accounting Attribute standard values */
static const char *acct_term[]={ NULL,
                                "User Request",
                                "Lost Carrier",
                                "Lost Service",
                                "Idle Timeout",
                                "Session Timeout",
                                "Admin Reset",
                                "Admin Reboot",
                                "Port Error",
                                "NAS Error",
                                "NAS Request",
                                "NAS Reboot",
                                "Port Unneeded",
                                "Port Preempted",
                                "Port Suspended",
                                "Service Unavailable",
                                "Callback",
                                "User Error",
                                "Host Request",
                               };

/* Tunnel-Type Attribute standard values */
static const char *tunnel_type[]={ NULL,
                                  "PPTP",
                                  "L2F",
                                  "L2TP",
                                  "ATMP",
                                  "VTP",
                                  "AH",
                                  "IP-IP",
                                  "MIN-IP-IP",
                                  "ESP",
                                  "GRE",
                                  "DVS",
                                  "IP-in-IP Tunneling",
                                 };

/* Tunnel-Medium-Type Attribute standard values */
static const char *tunnel_medium[]={ NULL,
                                    "IPv4",
                                    "IPv6",
                                    "NSAP",
                                    "HDLC",
                                    "BBN 1822",
                                    "802",
                                    "E.163",
                                    "E.164",
                                    "F.69",
                                    "X.121",
                                    "IPX",
                                    "Appletalk",
                                    "Decnet IV",
                                    "Banyan Vines",
                                    "E.164 with NSAP subaddress",
                                   };

/* ARAP-Zone-Access Attribute standard values */
static const char *arap_zone[]={ NULL,
                                "Only access to dfl zone",
                                "Use zone filter inc.",
                                "Not used",
                                "Use zone filter exc.",
                               };

/* Prompt Attribute standard values */
static const char *prompt[]={ "No Echo",
                             "Echo",
                            };
334
335
/*
 * Per-attribute dispatch table, indexed by the attribute type octet taken
 * from the packet.  The table has entries for types 0..93 only, while the
 * type octet can be any value up to 255, so every access must be preceded
 * by a range check against TAM_SIZE(attr_type).
 *
 * Rows with a NULL print_func get no decoded value from
 * radius_attr_print(); the -vv hexdump there still shows their raw bytes.
 *
 * NOTE(review): the array has external linkage (no 'static'); whether any
 * other translation unit relies on that is not visible from this file.
 */
struct attrtype { const char *name;      /* Attribute name                 */
                  const char **subtypes; /* Standard Values (if any)       */
                  u_char siz_subtypes;   /* Size of total standard values  */
                  u_char first_subtype;  /* First standard value is 0 or 1 */
                  void (*print_func)(register u_char *, u_int, u_short );
                } attr_type[]=
  {
     { NULL, NULL, 0, 0, NULL },
     { "Username", NULL, 0, 0, print_attr_string },
     { "Password", NULL, 0, 0, NULL },
     { "CHAP Password", NULL, 0, 0, NULL },
     { "NAS IP Address", NULL, 0, 0, print_attr_address },
     { "NAS Port", NULL, 0, 0, print_attr_num },
     { "Service Type", serv_type, TAM_SIZE(serv_type)-1, 1, print_attr_num },
     { "Framed Protocol", frm_proto, TAM_SIZE(frm_proto)-1, 1, print_attr_num },
     { "Framed IP Address", NULL, 0, 0, print_attr_address },
     { "Framed IP Network", NULL, 0, 0, print_attr_address },
     { "Framed Routing", frm_routing, TAM_SIZE(frm_routing), 0, print_attr_num },
     { "Filter ID", NULL, 0, 0, print_attr_string },
     { "Framed MTU", NULL, 0, 0, print_attr_num },
     { "Framed Compression", frm_comp, TAM_SIZE(frm_comp), 0, print_attr_num },
     { "Login IP Host", NULL, 0, 0, print_attr_address },
     { "Login Service", login_serv, TAM_SIZE(login_serv), 0, print_attr_num },
     { "Login TCP Port", NULL, 0, 0, print_attr_num },
     { "Unassigned", NULL, 0, 0, NULL }, /*17*/
     { "Reply", NULL, 0, 0, print_attr_string },
     { "Callback-number", NULL, 0, 0, print_attr_string },
     { "Callback-ID", NULL, 0, 0, print_attr_string },
     { "Unassigned", NULL, 0, 0, NULL }, /*21*/
     { "Framed Route", NULL, 0, 0, print_attr_string },
     { "Framed IPX Network", NULL, 0, 0, print_attr_num },
     { "State", NULL, 0, 0, print_attr_string },
     { "Class", NULL, 0, 0, print_attr_string },
     { "Vendor Specific", NULL, 0, 0, print_vendor_attr },
     { "Session Timeout", NULL, 0, 0, print_attr_num },
     { "Idle Timeout", NULL, 0, 0, print_attr_num },
     { "Termination Action", term_action, TAM_SIZE(term_action), 0, print_attr_num },
     { "Called Station", NULL, 0, 0, print_attr_string },
     { "Calling Station", NULL, 0, 0, print_attr_string },
     { "NAS ID", NULL, 0, 0, print_attr_string },
     { "Proxy State", NULL, 0, 0, print_attr_string },
     { "Login LAT Service", NULL, 0, 0, print_attr_string },
     { "Login LAT Node", NULL, 0, 0, print_attr_string },
     { "Login LAT Group", NULL, 0, 0, print_attr_string },
     { "Framed Appletalk Link", NULL, 0, 0, print_attr_num },
     { "Framed Appltalk Net", NULL, 0, 0, print_attr_num },
     { "Framed Appletalk Zone", NULL, 0, 0, print_attr_string },
     { "Accounting Status", acct_status, TAM_SIZE(acct_status)-1, 1, print_attr_num },
     { "Accounting Delay", NULL, 0, 0, print_attr_num },
     { "Accounting Input Octets", NULL, 0, 0, print_attr_num },
     { "Accounting Output Octets", NULL, 0, 0, print_attr_num },
     { "Accounting Session ID", NULL, 0, 0, print_attr_string },
     { "Accounting Authentication", acct_auth, TAM_SIZE(acct_auth)-1, 1, print_attr_num },
     { "Accounting Session Time", NULL, 0, 0, print_attr_num },
     { "Accounting Input Packets", NULL, 0, 0, print_attr_num },
     { "Accounting Output Packets", NULL, 0, 0, print_attr_num },
     { "Accounting Termination Cause", acct_term, TAM_SIZE(acct_term)-1, 1, print_attr_num },
     { "Accounting Multilink Session ID", NULL, 0, 0, print_attr_string },
     { "Accounting Link Count", NULL, 0, 0, print_attr_num },
     { "Accounting Input Giga", NULL, 0, 0, print_attr_num },
     { "Accounting Output Giga", NULL, 0, 0, print_attr_num },
     { "Unassigned", NULL, 0, 0, NULL }, /*54*/
     { "Event Timestamp", NULL, 0, 0, print_attr_time },
     { "Unassigned", NULL, 0, 0, NULL }, /*56*/
     { "Unassigned", NULL, 0, 0, NULL }, /*57*/
     { "Unassigned", NULL, 0, 0, NULL }, /*58*/
     { "Unassigned", NULL, 0, 0, NULL }, /*59*/
     { "CHAP challenge", NULL, 0, 0, print_attr_string },
     { "NAS Port Type", nas_port_type, TAM_SIZE(nas_port_type), 0, print_attr_num },
     { "Port Limit", NULL, 0, 0, print_attr_num },
     { "Login LAT Port", NULL, 0, 0, print_attr_string }, /*63*/
     { "Tunnel Type", tunnel_type, TAM_SIZE(tunnel_type)-1, 1, print_attr_num },
     { "Tunnel Medium", tunnel_medium, TAM_SIZE(tunnel_medium)-1, 1, print_attr_num },
     { "Tunnel Client End", NULL, 0, 0, print_attr_string },
     { "Tunnel Server End", NULL, 0, 0, print_attr_string },
     { "Accounting Tunnel connect", NULL, 0, 0, print_attr_string },
     { "Tunnel Password", NULL, 0, 0, print_attr_string },
     { "ARAP Password", NULL, 0, 0, print_attr_strange },
     { "ARAP Feature", NULL, 0, 0, print_attr_strange },
     { "ARAP Zone Acces", arap_zone, TAM_SIZE(arap_zone)-1, 1, print_attr_num }, /*72*/
     { "ARAP Security", NULL, 0, 0, print_attr_string },
     { "ARAP Security Data", NULL, 0, 0, print_attr_string },
     { "Password Retry", NULL, 0, 0, print_attr_num },
     { "Prompt", prompt, TAM_SIZE(prompt), 0, print_attr_num },
     { "Connect Info", NULL, 0, 0, print_attr_string },
     { "Config Token", NULL, 0, 0, print_attr_string },
     { "EAP Message", NULL, 0, 0, print_attr_string },
     { "Message Authentication", NULL, 0, 0, print_attr_string }, /*80*/
     { "Tunnel Private Group", NULL, 0, 0, print_attr_string },
     { "Tunnel Assigned ID", NULL, 0, 0, print_attr_string },
     { "Tunnel Preference", NULL, 0, 0, print_attr_num },
     { "ARAP Challenge Response", NULL, 0, 0, print_attr_strange },
     { "Accounting Interim Interval", NULL, 0, 0, print_attr_num },
     { "Accounting Tunnel packets lost", NULL, 0, 0, print_attr_num }, /*86*/
     { "NAS Port ID", NULL, 0, 0, print_attr_string },
     { "Framed Pool", NULL, 0, 0, print_attr_string },
     { "Unassigned", NULL, 0, 0, NULL },
     { "Tunnel Client Authentication ID", NULL, 0, 0, print_attr_string },
     { "Tunnel Server Authentication ID", NULL, 0, 0, print_attr_string },
     { "Unassigned", NULL, 0, 0, NULL }, /*92*/
     { "Unassigned", NULL, 0, 0, NULL }  /*93*/
  };
438
439
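/*
 * Print a text-valued attribute.
 *
 * data      - first byte of the attribute value (after the type/length
 *             octets)
 * length    - number of value bytes
 * attr_code - RADIUS attribute type; selects the tag/salt handling below
 *
 * Returns nothing.
 *
 * The value comes straight from the packet.  TCHECK2 validates exactly
 * 'length' bytes from 'data', so every byte consumed ahead of the text
 * loop must also be subtracted from 'length'; otherwise the loop walks
 * past the validated range.
 */
static void
print_attr_string(register u_char *data, u_int length, u_short attr_code )
{
    register u_int i;

    TCHECK2(data[0],length);

    switch(attr_code)
    {
    case TUNNEL_PASS:
        /*
         * Tag (1 octet) + salt (2 octets) are consumed here.  A shorter
         * value would make the unsigned 'length' wrap around and turn the
         * text loop into an out-of-bounds read.
         */
        if (length < 3)
        {
            printf(" [|radius]");
            return;
        }
        if (*data && (*data <=0x1F) )
            printf("Tag %u, ",*data);
        data++;
        length--;   /* the tag octet counts against the value length too */
        printf("Salt %u ",EXTRACT_16BITS(data) );
        data+=2;
        length-=2;
        break;
    case TUNNEL_CLIENT_END:
    case TUNNEL_SERVER_END:
    case TUNNEL_PRIV_GROUP:
    case TUNNEL_ASSIGN_ID:
    case TUNNEL_CLIENT_AUTH:
    case TUNNEL_SERVER_AUTH:
        /* Only look at the tag octet if there is one to look at. */
        if (length > 0 && *data <= 0x1F)
        {
            printf("Tag %u",*data);
            data++;
            length--;
        }
        break;
    }

    /*
     * Emit printable ASCII only; DEL (127) and bytes with the high bit set
     * are replaced by '.' so packet contents cannot inject non-printable
     * bytes into the output stream.
     */
    for (i=0; i < length ; i++, data++)
        printf("%c",(*data < 32 || *data > 126) ? '.' : *data );

    return;

trunc:
    printf("|radius");
}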
487
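/*
 * Print a Vendor-Specific attribute: a 4-octet vendor id followed by zero
 * or more vendor sub-attributes, each laid out as type (1), length (1),
 * value.
 *
 * data      - first byte of the attribute value
 * length    - number of value bytes
 * attr_code - unused
 *
 * Returns nothing.
 *
 * Every length here is taken from the packet, so each step is checked
 * against both the remaining attribute length and the captured data
 * (TCHECK2) before it is used.  Per RFC 2865 the sub-attribute length
 * covers its own type and length octets, so the value is 'length - 2'
 * bytes long; the printed "Length:" field stays the raw wire value.
 */
static void
print_vendor_attr(register u_char *data, u_int length, u_short attr_code _U_)
{
    u_int idx;
    u_int vendor_id;
    u_int vendor_type;
    u_int vendor_length;
    u_int value_length;

    /* The vendor id alone needs 4 octets; less would wrap 'length'. */
    if (length < 4)
        goto trunc;
    TCHECK2(data[0],4);
    vendor_id = EXTRACT_32BITS(data);
    data+=4;
    length-=4;

    printf("Vendor: %s (%u)",
           tok2str(oui_values,"Unknown",vendor_id),
           vendor_id);

    while (length >= 2) {
        TCHECK2(data[0],2);
        vendor_type = *(data);
        vendor_length = *(data+1);

        printf("\n\t Vendor Attribute: %u, Length: %u, Value: ",
               vendor_type,
               vendor_length);

        /*
         * A length below 2 cannot cover its own header, and one above the
         * remaining bytes points outside this attribute.  Stop in both
         * cases rather than trusting the field.
         */
        if (vendor_length < 2 || vendor_length > length)
            goto trunc;

        data+=2;
        value_length = vendor_length - 2;
        TCHECK2(data[0],value_length);

        /* Printable ASCII only; everything else is shown as '.'. */
        for (idx = 0; idx < value_length ; idx++, data++)
            printf("%c",(*data < 32 || *data > 126) ? '.' : *data );

        /* Header and value are both consumed from the remaining budget. */
        length-=vendor_length;
    }
    return;

trunc:
    printf(" [|radius]");
}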
521
522
523
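/*
 * Print a 4-octet numeric attribute.
 *
 * data      - first byte of the attribute value
 * length    - number of value bytes; anything other than 4 is reported as
 *             an error and nothing is read
 * attr_code - RADIUS attribute type, used as an index into attr_type[]
 *
 * Returns nothing.
 *
 * attr_code is not range-checked here: the caller must have verified it
 * against TAM_SIZE(attr_type) before dispatching (radius_attr_print does).
 *
 * Values are 32-bit (or 24-bit) unsigned quantities and are printed with
 * %u, so counters above 2^31 are not shown as negative numbers.
 */
static void
print_attr_num(register u_char *data, u_int length, u_short attr_code )
{
    u_int8_t tag;
    u_int32_t timeout;

    if (length != 4)
    {
        printf("ERROR: length %u != 4", length);
        return;
    }

    TCHECK2(data[0],4);

    /* This attribute has standard values */
    if (attr_type[attr_code].siz_subtypes)
    {
        const char **table = attr_type[attr_code].subtypes;
        u_int32_t first = attr_type[attr_code].first_subtype;
        u_int32_t last = (u_int32_t)(attr_type[attr_code].siz_subtypes - 1 +
                                     attr_type[attr_code].first_subtype);
        u_int32_t data_value;

        if ( (attr_code == TUNNEL_TYPE) || (attr_code == TUNNEL_MEDIUM) )
        {
            /* First octet is a tag, the remaining three carry the value. */
            if (!*data)
                printf("Tag[Unused]");
            else
                printf("Tag[%d]", *data);
            data++;
            data_value = EXTRACT_24BITS(data);
        }
        else
        {
            data_value = EXTRACT_32BITS(data);
        }

        /*
         * Index the name table only when the wire value is inside it; the
         * lower bound also keeps the NULL placeholder at index 0 of the
         * 1-based tables away from printf.
         */
        if (data_value >= first && data_value <= last)
            printf("%s",table[data_value]);
        else
            printf("#%u",data_value);

        return;
    }

    switch(attr_code) /* Be aware of special cases... */
    {
    case FRM_IPX:
        if (EXTRACT_32BITS( data) == 0xFFFFFFFE )
            printf("NAS Select");
        else
            printf("%u",EXTRACT_32BITS( data) );
        break;

    case SESSION_TIMEOUT:
    case IDLE_TIMEOUT:
    case ACCT_DELAY:
    case ACCT_SESSION_TIME:
    case ACCT_INT_INTERVAL:
        timeout = EXTRACT_32BITS( data);
        if ( timeout < 60 )
            printf( "%02u secs", timeout);
        else if ( timeout < 3600 )
            printf( "%02u:%02u min",
                    timeout / 60, timeout % 60);
        else
            printf( "%02u:%02u:%02u hours",
                    timeout / 3600, (timeout % 3600) / 60,
                    timeout % 60);
        break;

    case FRM_ATALK_LINK:
        if (EXTRACT_32BITS(data) )
            printf("%u",EXTRACT_32BITS(data) );
        else
            printf("Unnumbered" );
        break;

    case FRM_ATALK_NETWORK:
        if (EXTRACT_32BITS(data) )
            printf("%u",EXTRACT_32BITS(data) );
        else
            printf("NAS assigned" );
        break;

    case TUNNEL_PREFERENCE:
        /* Tag octet followed by a 24-bit preference value. */
        tag = *data;
        data++;
        if (tag == 0)
            printf("Tag (Unused) %u",EXTRACT_24BITS(data) );
        else
            printf("Tag (%d) %u", tag, EXTRACT_24BITS(data) );
        break;

    default:
        printf("%u",EXTRACT_32BITS( data) );
        break;

    } /* switch */

    return;

trunc:
    /* Same marker as the other printers (a stray '}' used to follow it). */
    printf("|radius");
}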
638
639
/*
 * Print a 4-octet IPv4 address attribute.
 *
 * data      - first byte of the attribute value
 * length    - number of value bytes; anything other than 4 is reported as
 *             an error and nothing is read
 * attr_code - RADIUS attribute type; FRM_IPADDR and LOG_IPHOST give two
 *             address values a special meaning
 *
 * Returns nothing.
 */
static void
print_attr_address(register u_char *data, u_int length, u_short attr_code )
{
    if (length != 4)
    {
        printf("ERROR: length %u != 4", length);
        return;
    }

    TCHECK2(data[0],4);

    if (attr_code == FRM_IPADDR || attr_code == LOG_IPHOST)
    {
        /* Two reserved addresses are shown by meaning, not as dotted quad. */
        u_int32_t raw_addr = EXTRACT_32BITS(data);

        if (raw_addr == 0xFFFFFFFF)
        {
            printf("User Selected");
            return;
        }
        if (raw_addr == 0xFFFFFFFE)
        {
            printf("NAS Select");
            return;
        }
    }

    printf("%s",ipaddr_string(data));
    return;

trunc:
    printf("|radius");
}
681
682
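/*
 * Print an attribute holding 'seconds since January 1, 1970 00:00 UTC'.
 *
 * data      - first byte of the attribute value
 * length    - number of value bytes; anything other than 4 is reported as
 *             an error and nothing is read
 * attr_code - unused
 *
 * Returns nothing.
 */
static void print_attr_time(register u_char *data, u_int length, u_short attr_code _U_)
{
    time_t attr_time;
    const char *time_text;
    char string[26];

    if (length != 4)
    {
        printf("ERROR: length %u != 4", length);
        return;
    }

    TCHECK2(data[0],4);

    attr_time = EXTRACT_32BITS(data);

    /*
     * ctime() may return NULL for a value it cannot convert, and the
     * value here is chosen by whoever sent the packet.  Fall back to the
     * raw number instead of passing NULL to strlcpy().
     */
    time_text = ctime(&attr_time);
    if (time_text == NULL)
    {
        printf("%u", EXTRACT_32BITS(data));
        return;
    }

    strlcpy(string, time_text, sizeof(string));
    /* Get rid of the newline */
    string[24] = '\0';
    printf("%.24s", string);
    return;

trunc:
    printf("|radius");
}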
714
715
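/*
 * Print the ARAP attributes whose values have a fixed binary layout.
 *
 * data      - first byte of the attribute value
 * length    - number of value bytes; checked per attribute below before
 *             anything is read
 * attr_code - ARAP_PASS, ARAP_FEATURES or ARAP_CHALLENGE_RESP; any other
 *             type prints nothing
 *
 * Returns nothing.
 *
 * PRINT_HEX advances 'data' and zeroes 'len_data', so each field is
 * re-validated with TCHECK2 from the current position before it is dumped.
 */
static void print_attr_strange(register u_char *data, u_int length, u_short attr_code)
{
    u_short len_data;

    switch(attr_code)
    {
    case ARAP_PASS:
        if (length != 16)
        {
            printf("ERROR: length %u != 16", length);
            return;
        }
        printf("User_challenge (");
        TCHECK2(data[0],8);
        len_data = 8;
        PRINT_HEX(len_data, data);
        printf(") User_resp(");
        TCHECK2(data[0],8);
        len_data = 8;
        PRINT_HEX(len_data, data);
        printf(")");
        break;

    case ARAP_FEATURES:
        if (length != 14)
        {
            printf("ERROR: length %u != 14", length);
            return;
        }
        TCHECK2(data[0],1);
        if (*data)
            printf("User can change password");
        else
            printf("User cannot change password");
        data++;
        TCHECK2(data[0],1);
        printf(", Min password length: %d",*data);
        data++;
        printf(", created at: ");
        TCHECK2(data[0],4);
        len_data = 4;
        PRINT_HEX(len_data, data);
        printf(", expires in: ");
        TCHECK2(data[0],4);
        len_data = 4;
        PRINT_HEX(len_data, data);
        printf(", Current Time: ");
        len_data = 4;
        TCHECK2(data[0],4);
        PRINT_HEX(len_data, data);
        break;

    case ARAP_CHALLENGE_RESP:
        /*
         * NOTE(review): the test accepts any length >= 8 while the message
         * says "!= 8"; only the first 8 bytes are printed either way.
         * Confirm which of the two is intended.
         */
        if (length < 8)
        {
            printf("ERROR: length %u != 8", length);
            return;
        }
        TCHECK2(data[0],8);
        len_data = 8;
        PRINT_HEX(len_data, data);
        break;
    }

    /*
     * Without this return every successful print fell through into the
     * truncation marker below.
     */
    return;

trunc:
    printf("|radius");
}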
790
791
792
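/*
 * Walk the attribute list that follows the fixed RADIUS header and print
 * each attribute through the attr_type[] dispatch table.
 *
 * attr   - first byte of the first attribute
 * length - number of attribute bytes available; radius_print() has already
 *          clamped this to the captured data
 *
 * Returns nothing.
 *
 * Both octets of every attribute header come from the packet:
 *   - 'type' can be 0..255 but attr_type[] is shorter, so the name lookup
 *     and the dispatch are both guarded by a range check;
 *   - 'len' must cover its own two header octets and must not run past
 *     the remaining bytes.
 */
static void
radius_attr_print(register const u_char *attr, u_int length)
{
    register const struct radius_attr *rad_attr = (struct radius_attr *)attr;
    const char *attr_string;
    int known_type;

    if (length < 3)
    {
        printf(" [|radius]");
        return;
    }

    while (length > 0)
    {
        /* Need both header octets before either can be read. */
        if (length < 2)
        {
            printf(" [|radius]");
            return;
        }

        /* Type 0 has no name; types past the table end have no entry. */
        known_type = rad_attr->type > 0 &&
                     rad_attr->type < TAM_SIZE(attr_type);
        attr_string = known_type ? attr_type[rad_attr->type].name : "Unknown";

        if (rad_attr->len == 0)
        {
            printf("\n\t %s Attribute (%u), zero-length",
                   attr_string,
                   rad_attr->type);
            return;
        }
        if (rad_attr->len < 2)
        {
            /* Cannot even cover its own header; len - 2 would go negative. */
            printf("\n\t %s Attribute (%u), length: %u (bogus, must be >= 2)",
                   attr_string,
                   rad_attr->type,
                   rad_attr->len);
            return;
        }
        if (rad_attr->len > length)
        {
            printf(" [|radius]");
            return;
        }

        printf("\n\t %s Attribute (%u), length: %u, Value: ",
               attr_string,
               rad_attr->type,
               rad_attr->len);

        if (known_type && rad_attr->len > 2 &&
            attr_type[rad_attr->type].print_func)
            (*attr_type[rad_attr->type].print_func)(
                ((u_char *)(rad_attr+1)),
                rad_attr->len - 2, rad_attr->type);

        /* do we want to see an additionally hexdump ? */
        if (vflag> 1)
            print_unknown_data((char *)rad_attr+2,"\n\t ",(rad_attr->len)-2);

        length-=(rad_attr->len);
        rad_attr = (struct radius_attr *)( ((char *)(rad_attr))+rad_attr->len);
    }
}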
844
845
/*
 * Entry point of the RADIUS printer.
 *
 * dat    - first byte of the RADIUS packet
 * length - length of the RADIUS payload as given by the caller
 *
 * Prints a one-line summary when vflag < 1; otherwise prints the header,
 * the 16-octet authenticator and then the attributes.  The number of bytes
 * handed to radius_attr_print() is the smallest of the captured bytes
 * (snapend - dat), 'length' and the length field in the header, minus the
 * fixed header.
 */
void
radius_print(const u_char *dat, u_int length)
{
    register const struct radius_hdr *rad;
    register u_int avail;
    u_int hdr_len, auth_idx;

    if (snapend < dat)
    {
        printf(" [|radius]");
        return;
    }

    /* Never look beyond the captured data or the caller's length. */
    avail = snapend - dat;
    if (avail > length)
        avail = length;

    if (avail < MIN_RADIUS_LEN)
    {
        printf(" [|radius]");
        return;
    }

    rad = (struct radius_hdr *)dat;
    hdr_len = EXTRACT_16BITS(&rad->len);

    if (hdr_len < MIN_RADIUS_LEN)
    {
        printf(" [|radius]");
        return;
    }

    /* The header's own length field may shrink the range, never grow it. */
    if (hdr_len < avail)
        avail = hdr_len;

    avail -= MIN_RADIUS_LEN;

    if (vflag < 1)
    {
        printf("RADIUS, %s (%u), id: 0x%02x length: %u",
               tok2str(radius_command_values,"Unknown Command",rad->code),
               rad->code,
               rad->id,
               length);
        return;
    }

    printf("RADIUS, length: %u\n\t%s (%u), id: 0x%02x, Authenticator: ",
           length,
           tok2str(radius_command_values,"Unknown Command",rad->code),
           rad->code,
           rad->id);

    auth_idx = 0;
    while (auth_idx < 16)
    {
        printf("%02x", rad->auth[auth_idx] );
        auth_idx++;
    }

    if (avail)
        radius_attr_print( dat + MIN_RADIUS_LEN, avail);
}